  1. Nov 18, 2021
  2. Oct 27, 2021
    • STIR/SHAKEN: Option split and response codes. · 2e55c0fd
      Ben Ford authored
      The stir_shaken configuration option now has 4 different choices to pick
      from: off, attest, verify, and on. Off and on behave the same way they
      do now. Attest will only perform attestation on the endpoint, and verify
      will only perform verification on the endpoint.
      
      Certain responses are required to be sent based on certain conditions
      for STIR/SHAKEN. For example, if we get a Date header that is outside of
      the time range that is considered valid, a 403 Stale Date response
      should be sent. This and several other responses have been added.
      
      Change-Id: I4ac1ecf652cd0e336006b0ca638dc826b5b1ebf7
  3. Jul 19, 2021
    • res_pjsip_stir_shaken: RFC 8225 compliance and error message cleanup. · 30feaada
      Sean Bright authored
      From RFC 8225 Section 5.2.1:
      
          The "dest" claim is a JSON object with the claim name of "dest"
          and MUST have at least one identity claim object.  The "dest"
          claim value is an array containing one or more identity claim JSON
          objects representing the destination identities of any type
          (currently "tn" or "uri").  If the "dest" claim value array
          contains both "tn" and "uri" claim names, the JSON object should
          list the "tn" array first and the "uri" array second.  Within the
          "tn" and "uri" arrays, the identity strings should be put in
          lexicographical order, including the scheme-specific portion of
          the URI characters.
      
      Additionally, make it clear that there was a failure to sign the JWT
      payload and not necessarily a memory allocation failure.
      
      Change-Id: Ia8733b861aef6edfaa9c2136e97b447a01578dc9
  4. Jun 10, 2021
  5. May 26, 2021
  6. May 11, 2021
    • STIR/SHAKEN: Switch to base64 URL encoding. · a84d3403
      Ben Ford authored
      STIR/SHAKEN encodes using base64 URL format. Currently, we just use
      base64. New functions have been added that convert to and from base64
      encoding.
      
      The origid field should also be a UUID. This means there's no reason to
      have it as an option in stir_shaken.conf, as we can simply generate one
      when creating the Identity header.
      
      https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021
      
      Change-Id: Icf094a2a54e87db91d6b12244c9f5ba4fc2e0b8c
    • STIR/SHAKEN: Fix certificate type and storage. · 5e6508b5
      Ben Ford authored
      During OpenSIPit, we found out that the public certificates must be of
      type X.509. When reading in public keys, we use the corresponding X.509
      functions now.
      
      We also discovered that we needed a better naming scheme for the
      certificates since certificates with the same name would cause issues
      (overwriting certs, etc.). Now when we download a public certificate, we
      get the serial number from it and use that as the name of the cached
      certificate.
      
      The configuration option public_key_url in stir_shaken.conf has also
      been renamed to public_cert_url, which better describes what the option
      is for.
      
      https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021
      
      Change-Id: Ia00b20835f5f976e3603797f2f2fb19672d8114d
  7. Dec 01, 2020
    • res_pjsip_stir_shaken: Fix module description · 6a85dc86
      Stanislav authored
      The 'J' is missing in module description.
      "PSIP STIR/SHAKEN Module for Asterisk" -> "PJSIP STIR/SHAKEN Module for Asterisk"
      
      ASTERISK-29175 #close
      
      Change-Id: I17da008540ee2e8496b644d05f995b320b54ad7a
  8. Nov 20, 2020
  9. Nov 09, 2020
  10. Jul 10, 2020
    • res_stir_shaken: Add stir_shaken option and general improvements. · 5fbed5af
      Ben Ford authored
      Added a new configuration option for PJSIP endpoints - stir_shaken. If
      set to yes, then STIR/SHAKEN support will be added to inbound and
      outbound INVITEs. The default is no. Alembic has been updated to include
      this option.
      
      Previously the dialplan function was not trimming the whitespace from
      the parameters it received. Now it does.
      
      Also added a conditional that, when TEST_FRAMEWORK is enabled, the
      timestamp in the identity header will be overlooked. This is just for
      testing, since the testsuite will rely on a SIPp scenario with a preset
      identity header to trigger the MISMATCH result.
      
      Change-Id: I43d67f1489b8c1c5729ed3ca8d71e35ddf438df1
  11. Jun 18, 2020
    • res_stir_shaken: Add outbound INVITE support. · 12741171
      Ben Ford authored
      Integrated STIR/SHAKEN support with outgoing INVITEs. When an INVITE is
      sent, the caller ID will be checked to see if there is a certificate
      that corresponds to it. If so, that information will be retrieved and an
      Identity header will be added to the SIP message. The format is:
      
      header.payload.signature;info=<public_key_url>alg=ES256;ppt=shaken
      
      Header, payload, and signature are all BASE64 encoded. The public key
      URL is retrieved from the certificate. Currently the algorithm and ppt
      are ES256 and shaken, respectively. This message is signed and can be
      used for verification on the receiving end.
      
      Two new configuration options have been added to the certificate object:
      attestation and origid. The attestation is required and must be A, B, or
      C. origid is the origination identifier.
      
      A new utility function has been added as well that takes a string,
      allocates space, BASE64 encodes it, then returns it, eliminating the
      need to calculate the size yourself.
      
      Change-Id: I1f84d6a5839cb2ed152ef4255b380cfc2de662b4
  12. Jun 08, 2020
    • res_stir_shaken: Add inbound INVITE support. · 3927f79c
      Ben Ford authored
      Integrated STIR/SHAKEN support with incoming INVITEs. Upon receiving an
      INVITE, the Identity header is retrieved, parsing the message to verify
      the signature. If any of the parsing fails,
      AST_STIR_SHAKEN_VERIFY_NOT_PRESENT will be added to the channel for this
      caller ID. If verification itself fails,
      AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED will be added. If anything in
      the payload does not line up with the SIP signaling,
      AST_STIR_SHAKEN_VERIFY_MISMATCH will be added. If all of the above steps
      pass, then AST_STIR_SHAKEN_VERIFY_PASSED will be added, completing the
      verification process.
      
      A new config option has been added to the general section for
      stir_shaken.conf. "signature_timeout" is the amount of time a signature
      will be considered valid. If an INVITE is received and the amount of
      time between when it was received and when it was signed is greater than
      signature_timeout, verification will fail.
      
      Some changes were also made to signing and verification. There was an
      error where the whole JSON string was being signed rather than the
      header combined with the payload. This has been changed to sign the
      correct thing. Verification has been changed to do this as well, and the
      unit tests have been updated to reflect these changes.
      
      A couple of utility functions have also been added. One decodes a BASE64
      string and returns the decoded string, doing all the length calculations
      for you. The other retrieves a string value from a header in a rdata
      object.
      
      Change-Id: I855f857be3d1c63b64812ac35d9ce0534085b913
  13. Apr 14, 2020
  14. Mar 25, 2020
    • res_stir_shaken: Initial commit and reading private key. · 211bb8a7
      Ben Ford authored
      This commit sets up some of the initial framework for the module and
      adds a way to read the private key from the specified file, which will
      then be appended to the certificate object. This works fine for now, but
      eventually some other structure will likely need to be used to store all
      this information. Similarly, the caller_id_number is specified on the
      certificate config object, but in the end we will want that information
      to be tied to the certificate itself and read it from there.
      
      A method has been added that will retrieve the private key associated
      with the caller_id_number passed in. Tab completion for certificates and
      stores has also been added.
      
      Change-Id: Ic4bc1416fab5d6afe15a8e2d32f7ddd4e023295f
  15. Dec 22, 2017
  16. Oct 27, 2016
    • Remove ASTERISK_REGISTER_FILE. · a6e5bae3
      Corey Farrell authored
      ASTERISK_REGISTER_FILE no longer has any purpose so this commit removes
      all traces of it.
      
      Previously exported symbols removed:
      * __ast_register_file
      * __ast_unregister_file
      * ast_complete_source_filename
      
      This also removes the mtx_prof static variable that was declared when
      MTX_PROFILE was enabled.  This variable was only used in lock.c so it
      is now initialized in that file only.
      
      ASTERISK-26480 #close
      
      Change-Id: I1074af07d71f9e159c48ef36631aa432c86f9966
  17. May 13, 2015
  18. Apr 13, 2015
    • git migration: Refactor the ASTERISK_FILE_VERSION macro · 4a582616
      Matt Jordan authored
      Git does not support the ability to replace a token with a version
      string during check-in. While it does have support for replacing a
      token on clone, this is somewhat sub-optimal: the token is replaced
      with the object hash, which is not particularly easy for human
      consumption. What's more, in practice, the source file version was often
      not terribly useful. Generally, when triaging bugs, the overall version
      of Asterisk is far more useful than an individual SVN version of a file. As a
      result, this patch removes Asterisk's support for showing source file
      versions.
      
      Specifically, it does the following:
      
      * Rename ASTERISK_FILE_VERSION macro to ASTERISK_REGISTER_FILE, and
        remove passing the version in with the macro. Other facilities
        than 'core show file version' make use of the file names, such as
        setting a debug level only on a specific file. As such, the act of
        registering source files with the Asterisk core still has use. The
        macro rename now reflects the new macro purpose.
      
      * main/asterisk:
        - Refactor the file_version structure to reflect that it no longer
          tracks a version field.
        - Remove the "core show file version" CLI command. Without the file
          version, it is no longer useful.
        - Remove the ast_file_version_find function. The file version is no
          longer tracked.
        - Rename ast_register_file_version/ast_unregister_file_version to
          ast_register_file/ast_unregister_file, respectively.
      
      * main/manager: Remove value from the Version key of the ModuleCheck
        Action. The actual key itself has not been removed, as doing so would
        absolutely constitute a backwards incompatible change. However, since
        the file version is no longer tracked, there is no need to attempt to
        include it in the Version key.
      
      * UPGRADE: Add notes for:
        - Modification to the ModuleCheck AMI Action
        - Removal of the "core show file version" CLI command
      
      Change-Id: I6cf0ff280e1668bf4957dc21f32a5ff43444a40e
  19. Jul 25, 2014
  20. Jul 14, 2011
  21. Nov 21, 2007
  22. Nov 19, 2007
  23. Nov 16, 2007
    • Start untangling header inclusion in a way that does not affect · fdb7f7ba
      Luigi Rizzo authored
      build times - tested, there is no measurable difference before and
      after this commit.
      
      In this change:
      
      use asterisk/compat.h to include a small set of system headers:
      inttypes.h, unistd.h, stddef.h, stdint.h, sys/types.h, stdarg.h,
      stdlib.h, alloca.h, stdio.h
      
      Where available, the inclusion is conditional on HAVE_FOO_H as determined
      by autoconf.
      
      Normally, source files should not include any of the above system headers,
      and instead use either "asterisk.h" or "asterisk/compat.h" which does it
      better. 
      
      For the time being I have left alone second-level directories
      (main/db1-ast, etc.).
      
      
      
      git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@89333 65c4cc65-6c06-0410-ace0-fbb531ad65f3
  24. Oct 31, 2007
    • More changes to change return values from load_module functions. · 59c9ff7e
      Jason Parker authored
      (issue #11096)
      Patches:
            codec_adpcm.c.patch uploaded by moy (license 222)
            codec_alaw.c.patch uploaded by moy (license 222)
            codec_a_mu.c.patch uploaded by moy (license 222)
            codec_g722.c.patch uploaded by moy (license 222)
            codec_g726.c.diff uploaded by moy (license 222)
            codec_gsm.c.patch uploaded by moy (license 222)
            codec_ilbc.c.patch uploaded by moy (license 222)
            codec_lpc10.c.patch uploaded by moy (license 222)
            codec_speex.c.patch uploaded by moy (license 222)
            codec_ulaw.c.patch uploaded by moy (license 222)
            codec_zap.c.patch uploaded by moy (license 222)
            format_g723.c.patch uploaded by moy (license 222)
            format_g726.c.patch uploaded by moy (license 222)
            format_g729.c.patch uploaded by moy (license 222)
            format_gsm.c.patch uploaded by moy (license 222)
            format_h263.c.patch uploaded by moy (license 222)
            format_h264.c.patch uploaded by moy (license 222)
            format_ilbc.c.patch uploaded by moy (license 222)
            format_jpeg.c.patch uploaded by moy (license 222)
            format_ogg_vorbis.c.patch uploaded by moy (license 222)
            format_pcm.c.patch uploaded by moy (license 222)
            format_sln.c.patch uploaded by moy (license 222)
            format_vox.c.patch uploaded by moy (license 222)
            format_wav.c.patch uploaded by moy (license 222)
            format_wav_gsm.c.patch uploaded by moy (license 222)
            res_adsi.c.patch uploaded by eliel (license 64)
            res_ael_share.c.patch uploaded by eliel (license 64)
            res_clioriginate.c.patch uploaded by eliel (license 64)
            res_convert.c.patch uploaded by eliel (license 64)
            res_indications.c.patch uploaded by eliel (license 64)
            res_musiconhold.c.patch uploaded by eliel (license 64)
            res_smdi.c.patch uploaded by eliel (license 64)
            res_speech.c.patch uploaded by eliel (license 64)
      
      
      git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@87889 65c4cc65-6c06-0410-ace0-fbb531ad65f3
  25. Aug 15, 2007